Comment 0 for bug 1045081
Revision history for this message
| Jamie Strandboge (jdstrand) wrote child Cx transition to grandchild transition silently fails, and child Px to sibling transition fails | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I noticed that apparmor does not transition from a child to a grandchild. Eg:
/tmp/foo {
/tmp/bar Cx -> bar, # works
profile bar {
/tmp/baz Cx -> baz, # does not work
profile baz {
}
}
}
The following child to a sibling also fails:
/tmp/foo {
/tmp/bar Cx -> bar, # works
profile bar {
/tmp/baz Px -> baz, # does not work
}
profile baz {
}
}
Attached is a tarball that shows how transitions work for ix, px, px to an uncle, px to a sibling, and cx to a grandchild. Run it with:
$ tar -zxf ./apparmor.tar.gz
$ cd ./apparmor
$ ./poc.sh
= profile-ix =
start
foo
bar
baz
pass
= profile-px =
start
foo
bar
baz
pass
= profile-px-sibling =
start
foo
/tmp/bug/bar: /tmp/bug/baz: /bin/sh: bad interpreter: No such file or directory
FAIL
= profile-px-uncle =
start
foo
bar
baz
pass
= profile-
apparmor_parser: Unable to replace "baz". Profile doesn't exist
start
foo
/tmp/bug/bar: /tmp/bug/baz: /bin/sh: bad interpreter: No such file or directory
FAIL
Cleaning up
removing profile-
removing profile-ix
removing profile-px
removing profile-px-sibling
removing profile-px-uncle
[1]
$